Subject: XMLData opaqueness ?
Folks,

With respect to passing in content inside the XMLData element (on either a Verify or Sign), do you believe it would be legitimate to ensure opaqueness of the content by escaping all the <'s and >'s?

For example, replace all < with &lt; and all > with &gt;. See attached for an explicit example.

In fact my XML library (Gnome libxml2) is doing exactly this when I invoke the serialize() method on the parsed xml tree object. This in fact allows an implementation to support an xml declaration line (i.e. <?xml version="1.0" encoding="UTF-8"?>) which might be inside the content (and whose encoding may be different from the request's, e.g. ISO-8859-1 or UTF-16) without causing parsing problems.

Is anyone else having similar challenges? Browsers accept this escaped nesting.

Ed
<?xml version="1.0"?>
<VerifyRequest>
  <InputDocuments>
    <Document ID="" RefURI="" RefType="">
      <Schema></Schema>
      <XMLData>&lt;?xml version="1.0" encoding="UTF-8"?&gt;
&lt;a&gt;
  &lt;b&gt;
    &lt;c&gt;
      &lt;c1 MimeType="text/plain"&gt;This is the data&lt;/c1&gt;
      &lt;c2 MimeType="text/plain"&gt;This is the data&lt;/c2&gt;
      &lt;c3 MimeType="text/plain"&gt;This is the data&lt;/c3&gt;
    &lt;/c&gt;
  &lt;/b&gt;
  &lt;d&gt;
    &lt;d1 MimeType="text/plain"&gt;This is the data&lt;/d1&gt;
    &lt;d2 MimeType="text/plain"&gt;This is the data&lt;/d2&gt;
  &lt;/d&gt;
  &lt;e&gt;
    &lt;f&gt;
      &lt;f1 MimeType="text/plain"&gt;This is the data&lt;/f1&gt;
      &lt;f2 MimeType="text/plain"&gt;This is the data&lt;/f2&gt;
      &lt;f3 MimeType="text/plain"&gt;This is the data&lt;/f3&gt;
    &lt;/f&gt;
    &lt;Signature xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;
      &lt;SignedInfo&gt;
        &lt;CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/&gt;
        &lt;SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/&gt;
        &lt;Reference URI=""&gt;
          &lt;Transforms&gt;
            &lt;Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/&gt;
          &lt;/Transforms&gt;
          &lt;DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/&gt;
          &lt;DigestValue&gt;pgu/Uz5BP+zLoBBrBgw53jd6HkQ=&lt;/DigestValue&gt;
        &lt;/Reference&gt;
      &lt;/SignedInfo&gt;
      &lt;SignatureValue&gt;ZdzhD7MgikUel39mWp3nmG3whg/WzmevyEYDM7ZU/HREssF0CayKdMuDqjktSf81YLxJPheYQh4VobTmUyu8CMST6Eu5ltrEQk3Z9004cDQvLC1/i9Vf4DEnpHdocGH0no92t2EH0ompmAQV02+uAffKO78/Dxi1qmKnvr7iZK0=&lt;/SignatureValue&gt;
      &lt;KeyInfo&gt;
        &lt;KeyName/&gt;
        &lt;X509Data&gt;
          &lt;X509Certificate&gt;MIIEUDCCAzigAwIBAgIBJTANBgkqhkiG9w0BAQUFADCB8zELMAkGA1UEBhMCQ0Ex
EDAOBgNVBAgTB09udGFyaW8xDzANBgNVBAcTBk90dGF3YTEgMB4GA1UEChMXQ2Fu
YWRhIFBvc3QgQ29ycG9yYXRpb24xGjAYBgNVBAoTEUZvciBUZXN0IFVzZSBPbmx5
MR0wGwYDVQQLExRFbGVjdHJvbmljIFBvc3QgTWFyazE2MDQGA1UEAxMtQ2FuYWRh
IFBvc3QgQ29ycG9yYXRpb24gQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSwwKgYJKoZI
hvcNAQkBFh1TZWN1cml0eU9mZmljZXJAY2FuYWRhcG9zdC5jYTAeFw0wNDA2MDgy
MDQwMzlaFw0wOTA2MDcyMDQwMzlaMIHVMQswCQYDVQQGEwJDQTEQMA4GA1UECBMH
T250YXJpbzEPMA0GA1UEBxMGT3R0YXdhMSAwHgYDVQQKExdDYW5hZGEgUG9zdCBD
b3Jwb3JhdGlvbjEaMBgGA1UEChMRRm9yIFRlc3QgVXNlIE9ubHkxHTAbBgNVBAsT
FEVsZWN0cm9uaWMgUG9zdCBNYXJrMR8wHQYDVQQDExZFZHdhcmQgUGF0cmljayBT
aGFsbG93MSUwIwYJKoZIhvcNAQkBFhZlZHdhcmRzaGFsbG93QHlhaG9vLmNhMIGf
MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwTN93TVLfN4UiHzo714UsPDXQlb/p
VNUMXPzSQnEgQe8HuAn7PU2HR5hY8vmE3V8K2w9h5oqzybuUzwASTA0Pp4IDus43
/aYDzqMD0d3FfS8a+w64Vdmzky+AHxM0I5kvzmJ7NXyvZc6lweW5WNDqY/vUzHG5
XTmP4av7Z6rz2wIDAQABo4GOMIGLMAwGA1UdEwQFMAMCAQAwHQYDVR0OBBYEFPQ8
gj6eGzywxxOG4Q0mJcHLOibPMB8GA1UdIwQYMBaAFDlJBm7JMYyBXc1i6V4IYkQv
K3pqMC4GA1UdHwQnMCUwI6AhoB+GHWh0dHA6Ly9jYTEudXB1LmludC9tYXN0ZXIu
Y3JsMAsGA1UdDwQEAwIFoDANBgkqhkiG9w0BAQUFAAOCAQEAa/QccSERNizFPuFX
91xgk3Gonlkiyaan4ZiGuD10q5608dD3DaQmcRW5vCyD3yuix+uIO5GZFpheN3OB
+gbs0EDMRWZHupVja2Meghb/e3XOAYilLnTkHPfdycNsCz+AL5fyEAHvQoAo9kV5
LVG2SrDmJ+fcsiKnCTAsKFExCPuqSYUKy8sw5+C3UxHqz0a7bVg9sQvPSGAy0U6Y
xiPrPUBwlFR2uVmkQbRnZD3/m6Ypxajyq5Klie72TAwP4RuB3NQnhDclDuTrJ6b3
AKYNb3RKmwJXRl9rC5IUrQ4jByzBNMilqoX6zKxB+1+GcH5WvuKVQwElbwVPHkpM
EwZOBg==&lt;/X509Certificate&gt;
          &lt;X509SubjectName&gt;emailAddress=edwardshallow@yahoo.ca,CN=Edward Patrick Shallow,OU=Electronic Post Mark,O=For Test Use Only,O=Canada Post Corporation,L=Ottawa,ST=Ontario,C=CA&lt;/X509SubjectName&gt;
          &lt;X509IssuerSerial&gt;
            &lt;X509IssuerName&gt;emailAddress=SecurityOfficer@canadapost.ca,CN=Canada Post Corporation Certificate Authority,OU=Electronic Post Mark,O=For Test Use Only,O=Canada Post Corporation,L=Ottawa,ST=Ontario,C=CA&lt;/X509IssuerName&gt;
            &lt;X509SerialNumber&gt;37&lt;/X509SerialNumber&gt;
          &lt;/X509IssuerSerial&gt;
        &lt;/X509Data&gt;
      &lt;/KeyInfo&gt;
    &lt;/Signature&gt;
  &lt;/e&gt;
&lt;/a&gt;
      </XMLData>
    </Document>
  </InputDocuments>
  <NodeName></NodeName>
</VerifyRequest>
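
An added example, not part of the original message or its attachment: a round-trip check of the escaping described above, showing that raw nesting of a document with its own declaration is rejected, that full escaping returns the signed bytes intact, and that replacing only < and > changes any & entity in the content and therefore its digest. The inner document, the minimal VerifyRequest skeleton and all helper names are constructed for illustration, and Python's ElementTree stands in for libxml2.

```python
import hashlib
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed sample: an inner document with its own declaration and an
# encoding (ISO-8859-1) that differs from the UTF-8 request carrying it.
INNER = ('<?xml version="1.0" encoding="ISO-8859-1"?>\n'
         '<a><c1 note="caf\u00e9">R&amp;D data</c1></a>')
INNER_BYTES = INNER.encode("iso-8859-1")  # the bytes the signer hashed

def build_request(xmldata_text: str) -> bytes:
    """Place already-prepared text inside XMLData of a minimal VerifyRequest."""
    return ('<?xml version="1.0" encoding="UTF-8"?>\n'
            '<VerifyRequest><InputDocuments><Document><XMLData>'
            + xmldata_text +
            '</XMLData></Document></InputDocuments></VerifyRequest>').encode("utf-8")

def escape_lt_gt_only(text: str) -> str:
    """The literal rule from the message: only < and > are replaced."""
    return text.replace("<", "&lt;").replace(">", "&gt;")

def recover_bytes(request: bytes) -> bytes:
    """Parse the request, read XMLData as text, re-encode per the inner declaration."""
    text = ET.fromstring(request).find("./InputDocuments/Document/XMLData").text
    m = re.match(r'<\?xml[^>]*encoding="([^"]+)"', text)
    return text.encode(m.group(1) if m else "utf-8")

def parses(request: bytes) -> bool:
    """True when the outer request is well-formed XML."""
    try:
        ET.fromstring(request)
        return True
    except ET.ParseError:
        return False

def sha1(data: bytes) -> str:
    """Digest used only to compare recovered content with what was signed."""
    return hashlib.sha1(data).hexdigest()

if __name__ == "__main__":
    print("raw nesting parses:     ", parses(build_request(INNER)))
    full = recover_bytes(build_request(escape(INNER)))  # escapes &, < and >
    partial = recover_bytes(build_request(escape_lt_gt_only(INNER)))
    print("full escape round-trip: ", sha1(full) == sha1(INNER_BYTES))
    print("<,> only round-trip:    ", sha1(partial) == sha1(INNER_BYTES))
```

The receiver has to re-encode the recovered text with the encoding named in the inner declaration before hashing, because the outer parser hands it back as decoded characters rather than the original bytes.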